0Xbencantcode

**Name of the Vulnerable Software and Affected Versions** kitty versions prior to 0.41.0 **Description** The issue concerns the open actions.py script in kitty, which does not request user confirmation before executing a local executable file. This file may have been linked from an untrusted document, such as one opened in KDE ghostwriter. **Recommendations** For versions prior to 0.41.0, update to version 0.41.0 or later to resolve the issue. As a temporary workaround, consider disabling the execution of local executable files linked from untrusted documents until a patch is applied. Restrict access to the open actions.py script to minimize the risk of exploitation.